Cyber Security: How Vulnerable Are You?

From identity theft and fraud to corporate hacking attacks, few risks are as all-encompassing as ‘cyber threats’ nowadays. Once a matter of concern for the IT industry and security professionals, they have reached the level of a persistent business risk.

In 2015 the cyber threat landscape will continue to evolve rapidly, and attacks will increase in number and sophistication from a wider range of threat actors than ever before. Cyber threat actors are commonly categorized into three groups: nation-states, cyber criminals (individuals or a group of organized criminals) and cyber activists or hacktivists who are constantly advancing their capabilities.

As sophisticated tools and techniques become more widespread, and the distinctions between the threat actors become more blurred, the long-term outlook for cyber security is an area of grave concern. The constraining factor previously was that the people with the intent to conduct widespread and high-impact cyber-attacks – the activists and the criminals – did not have the capability. This may not remain the case for much longer.

Cyber criminals, motivated by financial gain, have traditionally targeted a company’s customer base, stealing personal details or credit card information to use in fraud or to sell. Cyber activists motivated by a range of factors – including personal amusement, environmental concerns, anti-capitalist sentiment, nationalism and religion – base their activities on disrupting operations or generating embarrassment. Combating this complex threat scenario requires a comprehensive defense strategy with continuous investments and efforts in multiple security point solutions.

Cyber security has never been more important for businesses, organizations and governments in protecting their interests and assets, e.g. sensitive information, customer information and intellectual property. It has become scary enough that when a company shows interest in acquiring another company, perpetrators may go after the potential acquisition, embedding malicious software on its systems with the intention of breaking into the company’s systems. There have been many instances where genuine businesses have been subjected to blackmail and extortion by cyber criminals.

A few important aspects

· The emerging technology landscape, e.g. the Internet of Things (IoT), or the connection of physical devices such as home appliances and cars to the internet, may just end up being the “Internet of Vulnerabilities,” according to cyber experts. Since IoT will be integrated into every potential market one can think of – from energy to transport to healthcare – it will become a lucrative target for hackers, with the potential to cause immense damage.

· Increased mobile connectivity and cloud (SaaS, IaaS and PaaS) add a further challenge in the cyber security age. Corporate data can be widely accessed outside an enterprise, and employees often don’t realize the risks when sharing, sending, or receiving corporate information on a smartphone or tablet, especially if it is a personal device.

· Insider threat is a major area of concern. Beyond intentional privilege misuse, employees sometimes unknowingly raise security concerns when they fail to change default passwords, follow a link or open a malicious file. In this age of over-dependence on social media and BYOD, where the line between personal and professional is blurring, employees may unintentionally end up disclosing sensitive information.

· Certain world powers may remain tight-lipped, but cyber espionage is growing as the weapon of choice to undermine chosen enemies.

Security conversations and the Indian perspective

U.S. regulators this year have been emphasizing the importance of corporate boards taking responsibility for cybersecurity. Cyber security has been identified as the number one risk to the nation. Our PM Narendra Modi has already spoken about the rising concern for cyber security at a recent Nasscom event.

Yes, everyone has started talking about it loudly.

While the technology market and reliance on the cyber world are growing faster in India than in the majority of countries, security is still a low priority for many companies. In fact, with so many real risks, many corporates are challenged when it comes to identifying and prioritizing the focus areas for a cyber security strategy. There is a lack of security awareness and of skilled resources to deal with the complex threats. Some organizations may, even today, falter when asked what they consider their most sensitive data.

The government needs to be more proactive in setting up centralized cyber incident response centers and information sharing platforms, and in enhancing public-private collaboration, to build world-class capabilities in cyber security. Sectors which have a higher dependency on the internet, such as e-commerce, and those handling sensitive information, such as banking, insurance, financial services, telecom, or the government, will need to invest more in cyber security and defense, including staffing and operation centers. Organizations need to start taking cyber threats seriously, act on preventing them and protect themselves and their customers.

Because security is a make-or-break business issue, effective leaders need to consistently demonstrate the linkages between security and the company’s goals. Corporates need to rethink the role of information security in their organizations. They have started realizing that in an ever-expanding digital world, cybersecurity is the key to safeguarding their precious assets: intellectual property, customer information, financial data, and employee records, domestically and abroad.

Companies have started acknowledging that the right investment in cybersecurity is much more than just a defensive measure against threats: it can better position their organization with business partners, customers, investors, and other stakeholders.

While many believe the CIO's role is evolving and that he's occupying a key place in the boardroom, a recent study brings to light that more than half of CIO, CTO or IT admin staff (55%) are not thanked by colleagues for carrying out essential IT tasks on their behalf.